package com.woohua.security.web;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

import javax.annotation.security.RolesAllowed;

/***
 * @title AuthController
 * @description
 * @author baiji
 * @version 1.0.0
 * @create 2023/11/23 16:29
 **/
@Controller
public class AuthController {

    /**
     * 只用角色ONE才能访问
     * @return
     */
    @Secured({"ROLE_ONE", "ROLE_USER", "ROLE_ADMIN"})
    @GetMapping("one")
    public String one() {
        return "auth/one";
    }

    /**
     * 只用角色TWO才能访问
     * @return
     */

    @PreAuthorize("hasAnyRole('TWO', 'USER', 'ADMIN')")
    @GetMapping("two")
    public String two() {
        return "auth/two";
    }

    /**
     * 只用角色THREE才能访问
     * @return
     */
    @RolesAllowed({"THREE", "USER", "ADMIN"})
    @GetMapping("three")
    public String three() {
        return "auth/three";
    }

    /**
     * 权限不足时默认展示的页面
     * @return
     */
    @GetMapping("limit")
    public String limit() {
        return "auth/limit";
    }
}
